Commit Graph

68882 Commits

Author SHA1 Message Date
Nico Hartmann
d4dd98f879 [cctest] Disable test-verify-type on lite mode
Change-Id: I0f732a3e7e970c02925c0ba4e93273a27605dec3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2875206
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74390}
2021-05-05 15:54:16 +00:00
v8-ci-autoroll-builder
72dd245dfe Update V8 DEPS.
Rolling v8/build: 85859d6..c5571d5

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/d4ee032..1ae270e

Rolling v8/third_party/depot_tools: 6b022d1..3da9171

Rolling v8/third_party/google_benchmark/src: 33c133a..d0c227c

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ifa5ee873b9133ceb50147d80cd40f3d271cd2680
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874931
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74389}
2021-05-05 14:42:17 +00:00
Milad Fa
6e7f277461 [wasm] Add missing header needed for std::unique_ptr
This compilation error might happen without the header:
error: 'unique_ptr' in namespace 'std' does not name a template type

Change-Id: I103ce0496eff5dda85557410b4e7863c1c65aad0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2873446
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74388}
2021-05-05 14:33:17 +00:00
Michael Lippautz
801d5a056d cppgc: Adjust explicit management calls
- Take HeapHandle& parameter to allow a use case of free() on an already
  dead object during sweeping.
- Change free() from T* to T& which forces an object and allows the
  caller to place the nullptr check before retrieving a heap handle.

Bug: chromium:1056170
Change-Id: I80689d27d3abe410d177cd8c86b31ff2fe579a77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874461
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74387}
2021-05-05 14:18:37 +00:00
Santiago Aboy Solanes
69c6a055e6 [compiler] Get/Set Map's inobject_properties_start atomically for CM
This field has been used with atomically relaxed semantics due to a race
with layout_descriptor [1]. Even though layout_descriptor doesn't exist
anymore, this race is still present presumably because the transition to
a new map happens on StoreIC. We can set it as atomic for non-cm and
atomic relaxed for cm like we did with the other Map's fields.

Note that originally, this field was relaxed so we are reverting it
back to what it was for concurrent marking.

[1]: https://chromium-review.googlesource.com/c/v8/v8/+/555210/

Bug: v8:7790, v8:11696
Change-Id: I5d8c18bedb84b4bd5dc771e87310bc14409cfed8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874454
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74386}
2021-05-05 14:03:17 +00:00
Georg Neis
8e30ac0f7c [compiler] Remove MapRef::serialized_prototype()
... in favour of an optional return type for MapRef::prototype().
This also eliminates one kind of use of ShouldHaveBeenSerialized(),
which I want to get rid of entirely.

Bug: v8:7790
Change-Id: I031f067d644570e5c8aaeaf94c5ff69ff0515a99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874456
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74385}
2021-05-05 13:52:48 +00:00
Manos Koukoutos
c933f2db73 [wasm] Raise wasm array length limit
Bug: v8:7748
Change-Id: I039fa3cc1c236027d8e44cd5d9f2d713099911fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874452
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74384}
2021-05-05 13:44:27 +00:00
Ross McIlroy
f0368bc877 [Turboprop] Disable Node Splitting in Turboprop scheduler.
Effect control linearization already does splitting on most constant nodes it
introduces, and we don't get much benefit otherwise for what is a fairly

BUG=v8:9684

Change-Id: I74301058d157cc163762722576f9301088f8e72a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874460
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74383}
2021-05-05 13:12:27 +00:00
Benedikt Meurer
e3f21e6ddd [wasm] Consider only function names from the name section.
As per WebAssembly Web API[1], the engine should only consider names
from the name section to synthesize function names in the context of
call stacks. We previously also added support to harvest the exports
table here in an attempt to improve the DevTools debugging experience,
but that needs a separate fix specifically for the inspector (which
should also take into account the imports to harvest names).

[1]: https://webassembly.github.io/spec/web-api/index.html#conventions

Fixed: chromium:1164305
Change-Id: I4bde5c8398a5164f1d8ac9060ad3743ed494c41e
Bug: chromium:1159307, chromium:1164241, chromium:1071432
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874464
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74382}
2021-05-05 12:54:27 +00:00
Camillo Bruni
912118c07a [builtins] Remove IC_BUILTIN macros
The IC_BUILTIN and IC_BUILTIN_PARAM macro prevent code navigation and
they only avoid very simple, non-performance critical code.

Change-Id: Ic9d10a9c53a1890149d86b43a6989afae7f1d6f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871464
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74381}
2021-05-05 12:05:17 +00:00
Michael Achenbach
ea0eedcc9a [sanitizers] Correctly bundle sanitizer dependencies on swarming
Bug: chromium:1205004
Change-Id: Ib97dbc06ac62d7d1392d610651ccd15daf12bb89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2872825
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74380}
2021-05-05 11:51:17 +00:00
Clemens Backes
97b4ed7438 Revert "cppgc: Save xmm registers on the stack"
This reverts commit 305aa12f8c.

Reason for revert: Breaks MSVC compilation: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20msvc/17718/overview

Original change's description:
> cppgc: Save xmm registers on the stack
>
> Microsoft x86_64 ABI considers XMM6-XMM15 as non-volatile
> (callee-saved), which means that the compiler can store pointers in them.
> We need to make sure they are pushed onto the stack inside the stack
> scanning trampolines.
>
> Bug: v8:11710
> Change-Id: Ida804fe49d3d3b6f179ec276903a42ec8d3d86be
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2865745
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Auto-Submit: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74376}

Bug: v8:11710
Change-Id: I9593e55b5c935619a6707f3c00f9ac295475b30d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874462
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74379}
2021-05-05 11:44:08 +00:00
Antonio Sartori
bc1eb7b478 [api] Add API callback setter for the SAB origin trial
This change makes it possible to enable SharedArrayBuffer per Context,
controlling whether it should be enabled or not with a callback. The
previous implementation of the reverse origin trial for
SharedArrayBuffer was broken, since the feature could only be enabled
globally per process, and only if the feature flag is set early enough
in the v8 initialization. This does not play well with how origin
trials work.

The implementation is similar to the callbacks that already exist for
the origin trials for WebAssembly simd and exceptions.

SharedArrayBuffer is still controlled by the flag
harmony_sharedarraybuffer. If that flag is disabled, then
SharedArrayBuffer is disabled unconditionally. On top of that, this CL
introduces a new flag for enabling SharedArrayBuffer per context. If
that flag is set, a callback is used to determine whether
SharedArrayBuffer should be enabled.


Note that this only controls whether the SharedArrayBuffer constructor
should be exposed on the global object or not. It is always possible
to construct a SharedArrayBuffer using

  new WebAssembly.Memory({
    shared:true, initial:0, maximum:0 }).buffer.constructor;


There are few things which I do not like of this approach, but I did
not have better ideas:

1. The complex logic of double flag + callback. However, this seemed
the best way to me to not break embedders which rely on that flag
being enabled by default.

2. The fact that what actually matters is just whether the callback
returns `true` once. It would be good to check that the callback gives
a consistent return value, or to provide a better API that cannot be
misunderstood.


Bug: chromium:923807,chromium:1071424,chromium:1138860
Change-Id: Ibe3776fad4d3bff5dda9066967e4b20328014266
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867473
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74378}
2021-05-05 10:40:47 +00:00
Nico Hartmann
f486a34342 [TurboFan] Add %VerifyType intrinsic
This CL adds a new %VerifyType compiler intrinsic that can be used
by tests and fuzzers to generate a runtime type check of the given
input value. Internally, %VerifyType is lowered to %AssertType
which is why checks are currently limited to range types.

Drive-by: Add a few consts to NodeProperties accessors to allow
tests to be const-correct.

Bug: v8:11724
Change-Id: I06842062d0e8278a5ba011d5a09947fe05b6e85e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859959
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74377}
2021-05-05 10:20:07 +00:00
Anton Bikineev
305aa12f8c cppgc: Save xmm registers on the stack
Microsoft x86_64 ABI considers XMM6-XMM15 as non-volatile
(callee-saved), which means that the compiler can store pointers in them.
We need to make sure they are pushed onto the stack inside the stack
scanning trampolines.

Bug: v8:11710
Change-Id: Ida804fe49d3d3b6f179ec276903a42ec8d3d86be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2865745
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74376}
2021-05-05 09:57:47 +00:00
Thibaud Michaud
f6a3ef5643 [regalloc] Avoid duplicate moves for slot constraint
We potentially emitted the same gap move multiple times to satisfy slot
constraint of live ranges defined by a constant. Avoid this by keeping
track of already spilled ranges for a given instruction.

This is not expected to cause any regression because this case is rare.
If it does, a better approach to save allocations would be to re-use the
same vector by storing it somewhere that survives the function calls,
e.g. in the ConstraintBuilder.

Drive-by: Remove unused functions.

R=sigurds@chromium.org
CC=nicohartmann@chromium.org

Bug: chromium:1204748
Change-Id: I75a838a8b27775ecdeddb4c60cf72c56d5f1c2a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871462
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74375}
2021-05-05 09:51:27 +00:00
Manos Koukoutos
37579df74e [wasm] Complete element segment features for reftypes/typed-funcref
Main changes:
- Allow global.get in elements segments with expressions-as-elements.
- Allow element segments with types other than funcref.

Detailed changes:
- Move WasmInitExpr to its own file. Add stream operator << support.
- Simplify type of PrintCollection.
- Make WasmElemSegment use an array of WasmInitExpr's over the previous
  ad-hoc implementation. Move null_index to WasmModuleBuilder.
- Refactor consume_element_segment_header. Make it return a
  WasmElemSegment.
- Refactor consume_element_expr. Make it return a WasmInitExpr.
- Refactor DecodeElementSection. Make it invoke
  consume_element_segment_header, then populate its element array.
- Update module-instantiate.cc to handle global.get elements.
- Fix bug in wasm-objects.cc where the wrong type index was passed into
  module()->has_signature()
- Adapt and add tests.

Change-Id: I5abfbe424dbb750ee2dca59f91c451ffcb79f95f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857959
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74374}
2021-05-05 09:25:37 +00:00
Ross McIlroy
3f28ca944d [compiler] Simplify and optimize Scheduler::PrepareUses.
Simplifies the traversal of nodes in Scheduler::PrepareUses to
avoid having to carefully order stack traversal for pre/post
ordering visits. Instead simply pre visit when pushing a node
onto the stack, then post visit the node when popping it from
the stack and then visiting its inputs. This keeps the same
invariants required, but reduces visit overhead.

In addition, move checking for CoupledControlEdges out of
Increment/DecrementUnscheduledUseCounts such that the
coupled control edge calculation only needs to be done once
per node, rather than once for every input of the node. Also
remove unnecessary recursion from these functions.

All told, these optimizations reduce the PrepareUses overhead
by 40-50%.

BUG=v8:9684

Change-Id: I934523a732892a1f66d7e77f8d04e200169080f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2863602
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74373}
2021-05-05 09:07:57 +00:00
Jakob Gruber
db89ea81e8 [compiler] Remove the old Ref ctor generator macro
This is the final part of a CL series that establishes
MakeRef/TryMakeRef as the bottleneck for Ref construction. We do this by
converting direct constructor uses to (Try)MakeRef calls, and then
marking the ctor as protected.

Bug: v8:7790
Change-Id: I41bfa226d48cbdfee53b434ec52004eb6507e67a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874166
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74372}
2021-05-05 08:55:07 +00:00
Jakob Gruber
2e8dd87919 [compiler] Use MakeRef for remaining types
This is part of a CL series that establishes MakeRef/TryMakeRef as
the bottleneck for Ref construction. We do this by converting direct
constructor uses to (Try)MakeRef calls, and then marking the ctor
as protected.

Bug: v8:7790
Change-Id: I26faa6bc1934662c81ae127dee64bddffa428de9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874165
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74371}
2021-05-05 08:53:17 +00:00
Manos Koukoutos
202032c8fb [wasm][bug] Remove deleted WasmModule from typing cache
WasmModules were not removed from the global type judgement cache when
they were deleted. This created problems if another module got allocated
in the same location as a previously deleted module, by creating false
positive cache hits. This CL fixes this issue by removing WasmModule
from the cache as part of its destructor.

Bug: v8:11700
Change-Id: I4948e361dd681040807f35d759b647d1bce585dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859863
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74370}
2021-05-05 08:30:56 +00:00
Daniel Dromboski
8807f0ad48 [tools] More Python 3 compatibility fixes
These should all be forward/backward compatible with Python 2/Python 3.

[tools] Tweak statusfile.py for Python 3

.iteritems() does not exist in Python 3, only .items().

(While .iteritems() was meant to be an optimization over .items()
in Python 2, .items() should work fine, and it is forward/backward
compatible.)


[tools] Fix another Python 3 issue in mb.py

sys.platform used to return e.g. 'linux2', which is 'linux' plus
whatever the first digit of `uname -r` was when Python was built.
As of Python 3.3, it always returns just 'linux' for Linux OSes.
Use `sys.platform.startswith('linux')` for forward/backward
compatibility.


[tools] Make base_runner.py Python 3 compatible

dict.keys() returns a dict_keys in Python 3, whereas it
used to return a simple array. list() is forward/backward
compatible with identical results on Python 2/3 (returns array).

(Tested on Linux x64, trying to recreate NodeJS's CI workflow.)


[tools] Make tools/dev/v8gen.py work with Python 3

dict.keys() returns a dict_keys in Python 3, whereas it
used to return a simple array. list() is forward/backward
compatible with identical results on Python 2/3 (returns array).

Comparing a None-type value numerically used to result in the
None-type value always being considered "less than" the thing
it is compared to. As of Python 3, numerically comparing against
None or None-typed values results in an error. Check if a value
is truthy before numerically comparing it, for forward/backward
compatibility.

print() used to transparently decode byte strings in Python 2.
In Python 3, they must be explicitly decoded first.

(Tested on Linux 64-bit, trying to recreate NodeJS's CI workflow.)

Bug: v8:9871
Change-Id: I059bf98577a67649bbe7ec49848989d468da96b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867270
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74369}
2021-05-05 08:24:36 +00:00
Manos Koukoutos
8d6da6d5c9 [wasm][test] Initializer exprs. for element segments
Element segments and tables in tests used an ad-hoc mechanism to
describe the different types of initializer expressions, e.g. a number
which could denote either the value of a constant or the index of a
global. This CL tidies up and generalizes the test infrastructure by
directly using WasmInitExpr in those cases.

Additional changes:
- Introduce WasmElemSegment class.
- Remove obsolete --experimental-wasm-bulk-memory flag from tests.
- Rename WasmInitExpr.type -> kind.
- Remove dependency of wasm-module-builder from mjsunit.js (except in
  assertTraps).

Change-Id: I716254a04ceea9ceb8ac6b848e12e1637f618f0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857638
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74368}
2021-05-05 08:23:26 +00:00
Jakob Gruber
e0192c6b21 [compiler] Use MakeRef for a few types
This is part of a CL series that establishes MakeRef/TryMakeRef as
the bottleneck for Ref construction. We do this by converting direct
constructor uses to (Try)MakeRef calls, and then marking the ctor
as protected.

Bug: v8:7790
Change-Id: I36c07f69378f3a630462c216ef5da284cfd3972f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871449
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74367}
2021-05-05 04:50:25 +00:00
v8-ci-autoroll-builder
8338c7fbd1 Update V8 DEPS.
Rolling v8/build: b057259..85859d6

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/785c56f..d4ee032

Rolling v8/third_party/depot_tools: 0292793..6b022d1

Rolling v8/third_party/google_benchmark/src: ba9a763..33c133a

Rolling v8/tools/clang: 84ada2d..dbcffda

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Id4968f10cd978198caa4dc523aef60a9a6a81092
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2873071
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74366}
2021-05-05 03:52:45 +00:00
Shu-yu Guo
dc9eca8a6e [ptr-cage] Share RO heap when sharing pointer compression cage
Bug: v8:11460
Change-Id: I97a21d158ad057334cc7fe5f53edc5c6c23d1355
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2861711
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74365}
2021-05-04 21:30:15 +00:00
Shu-yu Guo
7dce6a2633 Fix speculation poisoning on x64
Pointer cage reserved another register and inadvertently broke
speculation poisoning by aliasing kSpeculationPoisonRegister with
kInterpreterBytecodeArrayRegister (r12).

This CL changes kInterpreterBytecodeArrayRegister to r11. Note that this
changes it from being callee-save to caller-save, which required code
reshuffling in a baseline builtin.

Bug: v8:11726
Change-Id: Ic2a1bd6b3a2cb4c480c84375dd3274f2efedc81f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2869985
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74364}
2021-05-04 18:13:05 +00:00
Ng Zhi An
7f2d41fa37 [wasm-simd][ia32] Fix f64x2 min max to use registers
We don't have memory alignment yet, so using memory operands will cause
segv if we try to access the unaligned operands (on non-AVX systems).

The fix here is kept simple (the logic can be cleaned up a bit and
optimized to not use unique registers), in order to keep the cherry-pick
and back-merge as small and safe as possible.

Bug: chromium:1204071
Change-Id: Ieda23dcc097a06c6db20b952d7061708c3be0d24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2869986
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74363}
2021-05-04 18:03:56 +00:00
Shu-yu Guo
68c9af01f5 [parser] Allow escaped future reserved keywords as identifiers
Bug: v8:11688
Change-Id: I35cf5d11d1a9af68be29c8e00224667ddbf07e7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2864388
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74362}
2021-05-04 17:58:26 +00:00
Huáng Jùnliàng
2b69a1f049 [parser] Allow escaped async in for-of
Bug: v8:11722
Change-Id: I34569071d74f0fe68b30cf3a596ea944440f1fec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2864703
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74361}
2021-05-04 17:11:45 +00:00
Clemens Backes
3c047b960a [cleanup][strings] Remove redundant NOLINT annotations
cpplint rules change over time, and we change the exact rules we enable
for v8. This CL removes NOLINT annotations which are not needed
according to the currently enabled rules.

R=leszeks@chromium.org

Bug: v8:11717
Change-Id: I7b54d7c75ef474749e22599a4bf16d9d309f4436
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859950
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74360}
2021-05-04 17:10:35 +00:00
Seth Brenith
1bf7efbf13 Adjust loading of ntdll functions
Use a function pointer rather than lambda when loading unwinding
functions on Windows.

Bug: v8:7301
Change-Id: I00e9c895d9ffdce6ba485eaf4401a749faa5e825
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867489
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74359}
2021-05-04 16:18:05 +00:00
Nico Hartmann
bcfc82ef54 [Torque] Provide a specialization of Cast<Context|Zero|Undefined>
Bug: v8:11727
Change-Id: Id78995e250e16f43687db1c7ce97a59c635b5424
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871459
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74358}
2021-05-04 15:28:45 +00:00
Santiago Aboy Solanes
799fa7b0a8 [object] Set/Get JSFunction::prototype_or_initial_map atomically
Maps set on the JSFunction were done so in a non-atomic way, which meant
that we were failing to have a synchronization point and the read/writes
could be reordered.

This started happening after a previous CL[1] moved some methods from
relaxed to non-atomic, which triggered TSAN (see v8:11696).

[1]: https://chromium-review.googlesource.com/c/v8/v8/+/2843359

Bug: v8:7790, v8:11696
Change-Id: I8472ff8b63d391376ee2f1dcf0a8b4fd7cecfcd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2851893
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74357}
2021-05-04 13:52:45 +00:00
Camillo Bruni
e75736aed4 [tools][system-analyzer] Allow hiding tooltips when clicking elsewhere
Drive-by-fix:
- Show tooltips in list-panel entries
- Use fixed kChunkWidth in timeline-track

Bug: v8:10644
Change-Id: I738f613c9a35726b9ab4a6c51f784638eade9335
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867467
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74356}
2021-05-04 13:45:45 +00:00
Andreas Haas
78fa1453e1 [wasm] Change return type of WasmCode::index to int
WebAssembly.Function and functions of the C-API do not have a function
index. Their index is kAnonymousFuncIndex = -1. Therefore it is
necessary to change the return type of WasmCode::index() from uint to
int.

The changes in WasmFrame::Print produce output like the following:

[9]: CWasmEntryFrame [pc: 0x9d200084091]
[10]: Anonymous wasm wrapper [pc: 0x101c5975c972]
[11]: WASM [wasm://wasm/f4bee83a], function #1 ('fibonacci_wasm'), pc=0x101c5975c5dc (+0x7c), pos=123 (+32)

R=jkummerow@chromium.org

Bug: v8:11713
Change-Id: I1012e92713d64d24ed2a92729dd3c2e4a013b9c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871455
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74355}
2021-05-04 13:19:25 +00:00
Clemens Backes
fc377b056b [cleanup][codegen] Remove redundant NOLINT annotations
cpplint rules change over time, and we change the exact rules we enable
for v8. This CL removes NOLINT annotations which are not needed
according to the currently enabled rules.

R=mslekova@chromium.org

Bug: v8:11717
Change-Id: Ic986c01ac151cee9fc6f7d950d0c4c139ebac6d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859852
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74354}
2021-05-04 12:34:25 +00:00
Clemens Backes
b82dd0b061 [cleanup][compiler] Remove redundant NOLINT annotations
cpplint rules change over time, and we change the exact rules we enable
for v8. This CL removes NOLINT annotations which are not needed
according to the currently enabled rules.

R=mslekova@chromium.org

Bug: v8:11717
Change-Id: Ib7dc2c9dbb1710f4fe47e083df7e373e8b8aef27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859956
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74353}
2021-05-04 12:28:55 +00:00
Jakob Gruber
0a407ecc12 [compiler] Use MakeRef in heap-refs.cc
Also add convenience overloads that take handles, and use them in
access-info.cc.

Bug: v8:7790
Change-Id: I47e14b407b6a57c15da06b0396f8ae9ebb3a447d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871445
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74352}
2021-05-04 12:00:05 +00:00
v8-ci-autoroll-builder
98275f18f6 Update V8 DEPS.
Rolling v8/build: 153efb2..b057259

Rolling v8/third_party/zlib: e8da4da..eb9ce8c

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ibdd230ba16b2f23938bae359d576eaec3443fb9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871396
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74351}
2021-05-04 11:20:05 +00:00
Alex Rudenko
03c6a2350c Revert "Expose V8CommandLineAPIScope and V8InspectorSession::createCommandLineAPI"
This reverts commit 1527c4878a.

Reason for revert: reverted in favour of https://chromium-review.googlesource.com/c/v8/v8/+/2857640

Original change's description:
> Expose V8CommandLineAPIScope and V8InspectorSession::createCommandLineAPI
>
> This CL extracts CommandLineAPIScope from V8Console and exposes it
> as V8CommandLineAPIScope. Also, it exposes V8InspectorSession::createCommandLineAPI.
> These changes will be used by InspectorPageAgent to install command
> line APIs when evaluating scripts added using CDP's command
> Page.addScriptToEvaluateOnNewDocument.
>
> Chromium CL: https://crrev.com/c/2835786
>
> Doc: https://docs.google.com/document/d/1zGG7-NZMb-aOfFfHf1u4VsP4C-lZettopCvYDC6pkBw/
> Bug: chromium:1200705
> Change-Id: I39b27f957cfb6d682ea84e385eaf25d09d261b58
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2835712
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Alex Rudenko <alexrudenko@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74096}

Bug: chromium:1200705
Change-Id: Ic7f411f3c66dd33c1b021dab90f202b361ee85c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859953
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alex Rudenko <alexrudenko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74350}
2021-05-04 10:38:06 +00:00
Jakob Gruber
bfc8950ef0 [compiler] Fix --stress-concurrent-inlining
.. when concurrent recompilation is disabled by indirect means, e.g.
when --trace-turbo-graph is enabled.

Drive-by: Add an explicit isolate argument to GetOptimizedCode.

Bug: chromium:1204624
Change-Id: Iee4c10e60643473dbbe2b777ea8dbc0bc259282c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2866767
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74349}
2021-05-04 09:24:04 +00:00
Wenyu Zhao
4484a80f08 [heap] Skip iterator check in HeapObjectIterator when using TPH
Bug: v8:11641
Change-Id: I8138b8bfca661749cd73fcaca759c2a854fc1ada
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2870205
Auto-Submit: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74348}
2021-05-04 09:19:24 +00:00
Andreas Haas
d36918bc9f [wasm] Make manoskouk and thibaudm full wasm owners
R=bbudge@chromium.org, clemensb@chromium.org, gdeepti@chromium.org, jkummerow@chromium.org, zhin@chromium.org, mslekova@chromium.org

Change-Id: I162e59b8b474d2189e3827472ac7b1a68d7de3e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867480
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74347}
2021-05-04 08:11:05 +00:00
Victor Gomes
fab276ea61 [runtime] Remove dead code: FeedbackNexus::GetTypeProfile
Change-Id: Ide2262b9d0d6a5269ed9bf6694c194aeba8da828
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867465
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74346}
2021-05-04 08:05:24 +00:00
Dominik Inführ
9b78e758af [heap] Make creation of NewSpace and NewLargeObjectSpace optional
Both NewSpace and NewLargeObjectSpace aren't used with
FLAG_single_generation enabled. So far both spaces still existed but
weren't used in this mode. This CL makes both spaces optional, which
ensures that we do not inadvertently create objects in them or use them
in any other way.

Bug: v8:11644
Change-Id: I52a449c62e9d3df126c95419433d2abbd75539a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2862768
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74345}
2021-05-04 06:47:54 +00:00
Benedikt Meurer
3fa681db7a [liveedit] Reduce peak memory usage of text diffing.
The algorithm used to compute the textual differences requires
quadratic space (in the size of the input scripts). Previously the
implementation was naively allocating a single matrix, which is commonly
very sparse, since the expectation for LiveEdit is that only a small
portion of the script is actually altered. So we can use a std::map here
instead to reduce the cost.

We can also significantly reduce the cost (especially of the stack grow
due to the recursion) by precomputing the common prefix, and pre-filling
the table for the common suffix, both of which are also assumed to make
up for the majority of the script in case of LiveEdit.

This is still only duct tape, but should mitigate the crashes in the wild
significantly. Ideally we'd eventually replace this with an
implementation of the Myers algorithm that runs in linear space.

Fixed: chromium:1199807
Change-Id: Ib5fa0b1aa63c67631f919dc3b6641dfc0b20ae74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867470
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74344}
2021-05-04 05:01:14 +00:00
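As an added illustration of the approach the commit message above describes (example code written for this page, not V8's LiveEdit implementation): a line diff that first strips the common prefix and suffix, then runs a memoised LCS over only the middle region with the table held in a std::map keyed by (i, j), so memory grows with the cells actually visited rather than with n*m. It trims the common suffix out of the compared region instead of pre-filling table entries for it, which has the same effect on table size. The two sample scripts and the tie-breaking rule (emit deletions before insertions) are this example's own choices, and the recursion is still linear in the size of the middle region, so it only mitigates, rather than removes, the stack-depth concern the message mentions.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <map>
#include <string>
#include <utility>
#include <vector>

using Lines = std::vector<std::string>;

struct DiffResult {
  size_t common_prefix = 0;  // equal leading lines, never touched by the table
  size_t common_suffix = 0;  // equal trailing lines, never touched by the table
  Lines ops;                 // "-old", "+new" or " unchanged", one per line
  size_t table_cells = 0;    // cells actually materialised in the sparse table
};

// Number of equal lines at the start of both inputs.
size_t CommonPrefix(const Lines& a, const Lines& b) {
  size_t n = 0;
  while (n < a.size() && n < b.size() && a[n] == b[n]) ++n;
  return n;
}

// Number of equal lines at the end of both inputs, never overlapping the prefix.
size_t CommonSuffix(const Lines& a, const Lines& b, size_t prefix) {
  size_t n = 0;
  while (prefix + n < a.size() && prefix + n < b.size() &&
         a[a.size() - 1 - n] == b[b.size() - 1 - n]) ++n;
  return n;
}

// Memoised LCS length over a[i..a_hi) and b[j..b_hi). Out-of-range cells are
// implicitly zero and never stored; cells the walk never asks for are never
// allocated, which is what keeps the table sparse for a small edit.
class SparseLcs {
 public:
  SparseLcs(const Lines& a, const Lines& b, size_t a_hi, size_t b_hi)
      : a_(a), b_(b), a_hi_(a_hi), b_hi_(b_hi) {}
  size_t Length(size_t i, size_t j) {
    if (i >= a_hi_ || j >= b_hi_) return 0;
    const std::pair<size_t, size_t> key(i, j);
    auto it = memo_.find(key);
    if (it != memo_.end()) return it->second;
    size_t value = (a_[i] == b_[j])
                       ? 1 + Length(i + 1, j + 1)
                       : std::max(Length(i + 1, j), Length(i, j + 1));
    memo_[key] = value;
    return value;
  }
  size_t Cells() const { return memo_.size(); }

 private:
  const Lines& a_;
  const Lines& b_;
  size_t a_hi_, b_hi_;
  std::map<std::pair<size_t, size_t>, size_t> memo_;
};

DiffResult DiffLines(const Lines& a, const Lines& b) {
  DiffResult r;
  r.common_prefix = CommonPrefix(a, b);
  r.common_suffix = CommonSuffix(a, b, r.common_prefix);
  const size_t a_hi = a.size() - r.common_suffix;
  const size_t b_hi = b.size() - r.common_suffix;
  SparseLcs lcs(a, b, a_hi, b_hi);
  for (size_t k = 0; k < r.common_prefix; ++k) r.ops.push_back(" " + a[k]);
  // Walk only the middle region; on a tie, emit the deletion first.
  size_t i = r.common_prefix, j = r.common_prefix;
  while (i < a_hi || j < b_hi) {
    if (i < a_hi && j < b_hi && a[i] == b[j]) {
      r.ops.push_back(" " + a[i]); ++i; ++j;
    } else if (j >= b_hi ||
               (i < a_hi && lcs.Length(i + 1, j) >= lcs.Length(i, j + 1))) {
      r.ops.push_back("-" + a[i]); ++i;
    } else {
      r.ops.push_back("+" + b[j]); ++j;
    }
  }
  for (size_t k = a_hi; k < a.size(); ++k) r.ops.push_back(" " + a[k]);
  r.table_cells = lcs.Cells();
  return r;
}

// Recover the new side from the ops (drops "-" entries), to check the diff.
Lines NewSide(const Lines& ops) {
  Lines out;
  for (const std::string& op : ops)
    if (op[0] != '-') out.push_back(op.substr(1));
  return out;
}

// Constructed sample: one line edited and one inserted inside an otherwise
// unchanged script, the LiveEdit-style case the commit message assumes.
Lines SampleOld() {
  return {"function f() {", "  const x = 1;", "  const y = 2;",
          "  return x + y;", "}", "", "function g() {", "  return f();", "}"};
}
Lines SampleNew() {
  return {"function f() {", "  const x = 1;", "  const y = 3;", "  log(x);",
          "  return x + y;", "}", "", "function g() {", "  return f();", "}"};
}
DiffResult SampleDiff() { return DiffLines(SampleOld(), SampleNew()); }

int main() {
  DiffResult r = SampleDiff();
  for (const std::string& op : r.ops) std::cout << op << '\n';
  std::cout << "prefix=" << r.common_prefix << " suffix=" << r.common_suffix
            << " table_cells=" << r.table_cells << " (dense table would be "
            << SampleOld().size() * SampleNew().size() << ")\n";
  return 0;
}
```

For the sample, the dense table would hold 9*10 cells, while the sparse walk materialises a single cell: the prefix and suffix trimming leaves a one-by-two middle region, and the out-of-range neighbours that the walk consults are implicit zeros. The recursion depth is bounded by the size of that middle region, not by the full script.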
v8-ci-autoroll-builder
e98bc3f2e8 Update V8 DEPS.
Rolling v8/build: 3309cd8..153efb2

Rolling v8/buildtools: 5da6005..e72cd45

Rolling v8/third_party/aemu-linux-x64: IkJe_PGoF9FZE4NgmhuVPlSogmI0pgjjHezTAckYoEYC..Q9wrtYCFy4whHc75FrdwzygrqI5DSmX_tuj8UJUcrckC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/00b6eba..785c56f

Rolling v8/third_party/depot_tools: f663e54..0292793

Rolling v8/tools/clang: 7bc447f..84ada2d

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I2668bd697a330723b215cb6daa626c17b368f63e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2870483
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74343}
2021-05-04 03:46:12 +00:00
Shu-yu Guo
2391742099 [heap] Require shared RO heap when using shared Isolate
The only exception is when pointer compression is on with a per-Isolate
cage.

Bug: v8:11708
Change-Id: Ice9b0114bc102c20b4151ec66a861ba673934605
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2864563
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74342}
2021-05-04 00:57:22 +00:00
Omer Katz
39c43692c1 cppgc: Add AtomicCtorTag to Member types
AtomicCtorTag is needed by Blink to force atomic initialization of
members. This is used when reinitializing a member in a backing store.

Bug: chromium:1056170
Change-Id: I410766a9c9133a1f1c2ea2e1153cb1c61363459f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859944
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74341}
2021-05-03 20:31:12 +00:00